Description

The first issue is that in some circumstances the same cache key can be generated for
two preflight requests on a site. As a result, if a second request is made that will match
the cached key generated by an earlier request, CORS checks will be bypassed because the
system will see the previously cached request as applicable.
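
A way to test a preflight cache key function for the class of collision described above, as an added example that is not from the advisory or from Mozilla's code. The advisory does not say which inputs collided; the field names, the weak key that omits the credentials flag, and the hosts are assumptions made for illustration.

```javascript
// Added illustration, not Mozilla code. Field names are assumptions.
// Inputs that decide whether a cached preflight result may be reused.
const FIELDS = ["origin", "url", "withCredentials"];

// Weak key (constructed): omits the credentials flag, so two different
// preflights for the same origin and URL share one cache entry.
function weakKey(req) {
  return req.origin + " " + req.url;
}

// Strict key: every field, encoded unambiguously as a JSON array.
function strictKey(req) {
  return JSON.stringify(FIELDS.map((f) => req[f]));
}

// Returns each pair of distinct requests that keyFn maps to the same key.
function findKeyCollisions(keyFn, requests) {
  const byKey = new Map(); // cache key -> requests already seen under it
  const collisions = [];
  for (const req of requests) {
    const key = keyFn(req);
    const prior = byKey.get(key) || [];
    for (const other of prior) {
      // Identical requests sharing a key is correct; differing ones is not.
      if (strictKey(other) !== strictKey(req)) collisions.push([other, req]);
    }
    byKey.set(key, prior.concat([req]));
  }
  return collisions;
}

// Constructed sample preflights (hypothetical hosts).
const SAMPLE = [
  { origin: "https://a.example", url: "https://api.example/data", withCredentials: false },
  { origin: "https://a.example", url: "https://api.example/data", withCredentials: true },
  { origin: "https://b.example", url: "https://api.example/data", withCredentials: false },
  { origin: "https://a.example", url: "https://api.example/data", withCredentials: false },
];

console.log("weak key collisions:", findKeyCollisions(weakKey, SAMPLE).length);
console.log("strict key collisions:", findKeyCollisions(strictKey, SAMPLE).length);
```

Running the same check over a cache implementation's real key function, with request pairs that differ in exactly one input, shows which inputs the key fails to separate.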

In the second issue, when some Access-Control- headers are missing from
CORS responses, the values from different Access-Control- headers that are
present in the same response can be used.

In general this flaw cannot be exploited through email in the
Thunderbird product because scripting is disabled, but is potentially a risk in
browser or browser-like contexts.